Security issues and memory leak fixes for the XinFin (XDC) network

2023-07-12 17:35:59
The issues fixed include the failure to display recovery errors when sending transactions and the reduction of peer performance due to memory leaks.

Author: XinFin

Compiled by: ChainCatcher

The upgrade addresses security issues and memory leak problems on the XinFin (XDC) network.

The XDC network is a global, open-source, permissioned proof-of-stake consensus network (XDPoS) that supports hybrid relay bridges, instant block finality, and interoperability with the ISO 20022 financial messaging standard. The network's hybrid (private/public) architecture is designed to support institutional use in trade finance and asset tokenization. The XDC network features interoperable smart contracts, 2,000 transactions per second, and Ethereum Virtual Machine compatibility, providing scalable infrastructure for enterprises and independent community contributors.

The Apothem Network (Testnet) is a network for smart contract developers to test smart contracts and protocol upgrades before deploying to the mainnet. Any upgrades to the XinFin XDC Network blockchain are first implemented on the Apothem test network, which simulates the XinFin XDC network, allowing developers and other community members to test the system before involving actual assets.

Now let's discuss the issues that the team has fixed, which will appear on the Apothem network.

internal/ethapi: EstimateGas and Call handle revert errors

The first issue is that the XDC blockchain does not display revert errors before a transaction is sent from any wallet or interface (MetaMask, XDCPay, Remix…). The error cannot be seen before the transaction is sent.

In the current version of XDPoSChain, when MetaMask or another client calls the method eth.estimateGas and the Solidity contract function reverts, the node always returns the message "gas required exceeds allowance or always failing transaction." As a result, users and wallet applications cannot predict when a revert will occur or receive a revert message when it does. This is the main issue in the xcantera complaint. The latest Pull Request resolves this by returning the response message/reason for eth.call and eth.estimateGas. This PR has been tested on a dedicated network and will now be tested on the Apothem test network.

Code: https://explorer.apothem.network/address/xdc41cfa4c7c764c39237a765788eb0596c4b7a05ba#readContract

Request:

curl -X POST -H "Content-Type: application/json" https://rpc.apothem.network -d '
{
  "jsonrpc": "2.0",
  "method": "eth_estimateGas",
  "params": [
    {
      "from": "0xD4CE02705041F04135f1949Bc835c1Fe0885513c",
      "to": "0x41cfa4c7c764c39237a765788eb0596c4b7a05ba",
      "data": "0x5524107700000000000000000000000000000000000000000000000000000000000000a",
      "value": "0x0"
    }
  ],
  "id": 1
}'

Response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32000,
    "message": "gas required exceeds allowance or always failing transaction"
  }
}

Now, users can see that this fix will first run on the XDC Apothem network.

Merge link: https://github.com/XinFinOrg/XDPoSChain/pull/200
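
How a wallet or monitoring client can tell the opaque pre-fix error from a response that carries a revert reason, as an added example that is not code from the article or from XDPoSChain. It assumes the patched node follows the upstream go-ethereum shape (error code 3, an "execution reverted" message, and a data field holding the ABI-encoded Error(string)), which the article does not show; all function names are hypothetical.

```python
import json

ERROR_SELECTOR = "08c379a0"  # first 4 bytes of keccak256("Error(string)")
LEGACY_MESSAGE = "gas required exceeds allowance or always failing transaction"

def decode_revert_reason(data_hex):
    """Decode ABI-encoded Error(string); return None for anything malformed."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    if len(raw) % 2 or not raw.startswith(ERROR_SELECTOR):
        return None
    try:
        body = bytes.fromhex(raw[8:])
    except ValueError:
        return None
    if len(body) < 64:
        return None
    # The node is untrusted input: bounds-check offset and length before slicing.
    offset = int.from_bytes(body[:32], "big")
    if offset + 32 > len(body):
        return None
    length = int.from_bytes(body[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(body):
        return None
    return body[start:start + length].decode("utf-8", errors="replace")

def classify_estimate_gas(response_text):
    """Return (status, detail) for an eth_estimateGas JSON-RPC response."""
    resp = json.loads(response_text)
    if "result" in resp:
        return ("ok", int(resp["result"], 16))
    err = resp.get("error") or {}
    data = err.get("data")
    reason = decode_revert_reason(data) if isinstance(data, str) else None
    if reason is not None:
        return ("reverted", reason)
    if err.get("message") == LEGACY_MESSAGE:
        return ("opaque", None)  # pre-fix node: failure with no reason
    return ("error", err.get("message"))

def encode_error_string(reason):  # builds constructed sample revert data
    b = reason.encode()
    words = (32).to_bytes(32, "big") + len(b).to_bytes(32, "big")
    return "0x" + ERROR_SELECTOR + (words + b + b"\x00" * (-len(b) % 32)).hex()

LEGACY_SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "error": {
    "code": -32000, "message": LEGACY_MESSAGE}})  # response shown in the article
PATCHED_SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "error": {  # constructed
    "code": 3, "message": "execution reverted: value too low",
    "data": encode_error_string("value too low")}})
```

Treating the decoded reason as display-only text matters here, since the string is chosen by the contract being called and should never drive client logic.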

Memory leaks degrade the performance of peers by reducing the amount of available memory. Ultimately, in the worst-case scenario, too much of the available memory may become allocated, causing all or part of the system or device to stop functioning normally, applications to fail, or the system to slow down significantly due to thrashing.

The memory leak issue is based on the merged original v1/eth code, which will run on the XDC Apothem network along with the latest merge.
